Hitachi Vantara Pentaho Community Wiki

Cross Site Scripting (XSS)


The platform currently uses ESAPI, the OWASP Enterprise Security API. To use it in a project, add this line to ivy.xml:

<dependency org="org.owasp" name="ESAPI" rev="2.0_rc6" transitive="false" />

To use it in a JSP:

<%@page import="org.owasp.esapi.ESAPI"%>
var javaScriptVar = "<%= ESAPI.encoder().encodeForJavaScript(someInputFromTheUser) %>";
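
The encoder has to match the place in the page where the value is written. The following JSP is an added example, not code from the Pentaho platform: it writes the same user input into an HTML element, a quoted attribute and a quoted JavaScript string, each with the corresponding ESAPI encoder. The request parameter `q` and the element id `echo` are hypothetical, and ESAPI is assumed to be on the classpath and configured.

```jsp
<%@page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@page import="org.owasp.esapi.ESAPI"%>
<%@page import="org.owasp.esapi.Encoder"%>
<%
  // "q" is a hypothetical request parameter used only for this example.
  String q = request.getParameter("q");
  if (q == null) {
    q = "";
  }
  Encoder enc = ESAPI.encoder();
%>
<html>
<body>
  <%-- 1. HTML element content: markup characters in q are rendered as text. --%>
  <p>Results for: <%= enc.encodeForHTML(q) %></p>

  <%-- 2. Quoted HTML attribute value: q cannot close the quote or add attributes. --%>
  <form method="get">
    <input type="text" name="q" value="<%= enc.encodeForHTMLAttribute(q) %>" />
  </form>

  <p id="echo"></p>

  <%-- 3. Quoted JavaScript string, the case shown above. The encoded value is
       only safe between the quotes, not as bare script text. --%>
  <script type="text/javascript">
    var lastQuery = "<%= enc.encodeForJavaScript(q) %>";
    // The decoded string is written back as text, so the browser does not
    // parse it as HTML a second time.
    document.getElementById("echo").textContent = lastQuery;
  </script>
</body>
</html>
```

Using the HTML encoder inside the script block, or the JavaScript encoder inside the attribute, leaves characters unescaped that are significant in that context.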

Please review this excellent resource:

XSS Prevention Cheat Sheet
